CVE-2023-1663 in Coveritythông tin

Tóm tắt

Bởi MITRE • 29/03/2023

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

Synopsys

Đặt trước

27/03/2023

Tiết lộ

29/03/2023

Kiểm duyệt

được chấp nhận

mục

VDB-224465

CPE

sẵn sàng

CWE

CWE-425 (Đã xác nhận)

CVSS

5.3 (NVD)

EPSS

0.00431

KEV

không

Các hoạt động

rất thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-1663
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-1663
CVE Details	https://www.cvedetails.com/cve/CVE-2023-1663/

◂ Trước Tổng Quan Tiếp theo ▸

Do you need the next level of professionalism?

Upgrade your account now!